Sandboxie cannot open (a sandboxed) Firefox anymore

[Curt@invincea]

In Norton, under Administrative Settings, disable both options under "Firefox Cleanup".

[bjm]

Postby Craig@Invincea » Tue Oct 27, 2015 3:58 pm

Norton 22.5.4 Product Update available now
https://community.norton.com/en/blogs/p ... ilable-now

[MDrew]

@MDrew

Can you tell us what version of Norton360 you are using? You can find this under Help>About see image..(This image is Norton360 Trial on 7/64)

I am now running Norton AV 22.5.4.24 (not 360) - this is the "latest" version of this program, I "updated' when I reinstalled Norton several days back and this is not the engine that was on my computer back on the 20th when this all hit the fan. FWIW, neither engine allowed FF to run sandboxed (although while uninstalled FF did run under SBIE)

I see that my assumption that this "bug" stopped at Windows 7 was incorrect - this is disheartening because I thought that at least this was some sort perimeter to work within -- sorry.

[safemist]

In Norton, under Administrative Settings, disable both options under "Firefox Cleanup".

Tried it. No joy.

If I use Windows Firewall (8.1) + Defender + Sandboxie, would that seem like reasonable protection?

[Jeffrey]

Screw Norton and go with free (or paid) Avira. I've been using it for years without any problems. I know a guy who actually makes money removing Norton from peoples computers. The insidious thing about Norton is it still exists even after you remove it from Add/Remove.

[Craig@Invincea]

In Norton, under Administrative Settings, disable both options under "Firefox Cleanup".

Tried it. No joy.

If I use Windows Firewall (8.1) + Defender + Sandboxie, would that seem like reasonable protection?

Yes, It's what a lot of people use (including me and Curt). If you are surfing the web sandboxed, nothing can get to your host. If you want to see what's infecting your SB, then Defender or any free A/V will show you. The purpose of SBIE is to protect your machine from the outside world.

[Curt@invincea]

In Norton, under Administrative Settings, disable both options under "Firefox Cleanup".

Tried it. No joy.

If I use Windows Firewall (8.1) + Defender + Sandboxie, would that seem like reasonable protection?

I reproduced this 10 times in Win 8.1-64 with the latest Norton trial and Sbie 5.06.

1) Ffx hangs on startup.
2) Disable Firefox cleanup in Norton.
3) Terminate Sbie processes.
4) Start Ffx. Starts immediately.
5) Close Ffx.
6) Re-enable Firefox Cleanup options.
7) Reboot
8) Ffx will again hang on startup.
Repeat.

[bjm]

FWIW ~ I've always had Norton v22.x TuneUp/Performance Tools disabled.
current Norton v22.x is v22.5.4.24

[Peter 123]

@ Curt:
Sorry, I must confirm safemist's experience. I immediately looked at my configuration concerning Norton ---> Administrative Settings ---> both options under "Firefox Cleanup". And I saw that I had already disabled both options all the time. (Like bjm ) Nevertheless the issue exists.

If you are surfing the web sandboxed, nothing can get to your host. If you want to see what's infecting your SB, then Defender or any free A/V will show you. The purpose of SBIE is to protect your machine from the outside world.

That's already your (= the staff's) standard answer in this thread.

What I wonder about:

1. If things are so easy and safe as you assert: Why is there such a variety of configuration possibilities in SBIE?

In other words: What you claim, does it apply to a sandbox with the default configuration or is this degree of safety only assured with a specific configuration?

And in case that the default settings should be sufficient for the safety you promise: What is the necessity to configurate SBIE nevertheless in a more restrictive way (restrictions for Internet access, for start/run acess, the Drop Rights feature and a lot of other things)?

And the other way around: In case that "real" (or "full") security can be achieved only with some of these restrictions: Wouldn't it be necessary to inform the users about it instead of absolutely saying "nothing can get to your host"?

2. That's a repeat from what I had asked above:
Some people want to have a second security layer while using the Internet (some kind of additional browser protection, especially against drive-by downloads from malicious websites etc.) - regardless of the protection given by SBIE. Do Microsoft Security Essential (MSE) respectively Windows Defender have features for such a protection (as Norton Internet Security does)?

3. Also from above (and connected with question 2):
There may be situations where I must (or simply want to) use my browser outside of the sandbox. Will I be protected in this case when using simply MSE or Defender (namely protected in the same way as e.g. with Norton Internet Security ?)

PS:
Bo, especially concerning questions 2 and 3, perhaps you can give us a solid answer?

[bjm]

MSE; Does Anyone Still Use It?
http://www.wilderssecurity.com/threads/ ... it.379323/
Wilders member Martin_C seems to be knowing re MSE/Defender.

[Peter 123]

MSE; Does Anyone Still Use It?

I also wondered what the relation with Windows Defender is and I found out the following:
http://answers.microsoft.com/en-us/prot ... 9fd?auth=1

"Question:
Is Microsoft Security Essentials (XP/Vista/7) designed to replace Windows Defender?
Answer:
No but if you are running Microsoft Security Essentials, you do not need to run Windows Defender. Microsoft Security Essentials is designed to disable Windows Defender in order to manage the PC’s real-time protection, including anti-virus, rootkits, Trojans and spyware.

Q:
Does installing Microsoft Security Essentials (XP/Vista/7) disable Windows Defender?
A:
Microsoft Security Essentials should disable Windows Defender on Vista and Windows 7 and uninstall it from XP. In some cases, this does not happen automatically.

Q:
Can I install Microsoft Security Essentials on Windows 8?
A:
No. Windows 8 already has a full antivirus/antimalware product installed. Windows Defender on Windows 8 is more like MSE than like Windows Defender on older versions of Windows."

So for example in my case (Windows 7) only MSE would be an option (and not Windows Defender).

[richard329]

I mentioned it in this thread some pages before:

XP, SP3 (32bit)
Firefox 41.0.2
Norton Antivirus Online vers. 22.5.4.24
incl. newest live updates of October 27th
trials with Sanboxie 4.20, 5.04, 5.05.2 and 5.06
-> CANNOT open a sandboxed Firefox browser

Win 8.1 (64bit)
nevest Windows updates
Firefox 41.0.2
Norton Antivirus Online Backup vers. 22.5.2.15
incl. newest live updates of October 27th
trials with Sanboxie 4.20, 5.04, 5.05.2 and 5.06
-> CANNOT open a sandboxed Firefox browser

Win 7 (64bit)
nevest Windows updates
Firefox 41.0.2
Norton Internet Security Online vers. 22.5.4.24
incl. newest live updates of October 27th
running Sanboxie 4.20 (!)
-> STILL NO PROBLEMS opening a sandboxed Firefox browser

All of these three systems are configured equal regarding the settings in Firefox, Norton and SBIE.

It leads to no clarification, but it shows the difficulties in isolating the problem.

BTW: No problems running a sandboxed Chrome browser with Norton A/V !

[bo.elam]

PS:
Bo, especially concerning questions 2 and 3, perhaps you can give us a solid answer?

About question 2. Pete, extra protection for the browser? I recommend script blocking. On Firefox, the real thing is NoScript. In my opinion, blocking scripts and ads with something like Adblock plus does more for security than using a toolbar or web guard, like Norton. MSE or Window defender don't have any of that. I see that as a plus.

About question 3. As Sandboxie users, I think running our browsers out of the sandbox ought to be rare. For Firefox, perhaps only when is time to update versions or update addons. Those are the only times that I run Firefox unsandboxed. You should be able to do sandboxed just about anything that you want to do with the browser. And feel natural doing it and comfortable.

I haven't had an AV for almost 5 years. So, I have been updating unsandboxed without an AV for almost 5 years. And I never gotten infected. Do I think you should worry for spending a few minutes running the browser unsandboxed, all I can tell you is that doing it doesn't make my heart pump any faster. Maybe that is because I have NoScript. Try NoScript sometime, not only works great but best of all, it doesn't conflict with Sandboxie. NoScript blocks silently, like SBIE, it feels like its not even there. You having MSE or an AV that "don't interfere with SBIE", thats a nice extra.

You didn't ask me about one but I tell you what I think. Easy? Security is very easy when you take full advantage of all that SBIE offers. My friend Pete, you are not doing that. When I look at the picture that you posted earlier of your Run sandboxed box that shows the sandboxes that you are using and I only see two and only for browsers, I know you are not getting everything that you could be getting out SBIE. In my opinion, instead of looking at what you ll get with this or that AV, you should be looking at all that you could be doing with SBIE, like sandboxing your Office files, EMail client and attachments, videos, pictures, PDF files, USB drives, Downloads folder, etc, and any file that gets created in your computer.

Bo

[Peter 123]

Thanks, Bo, for your helpful (as always) reply.

About question 2. Pete, extra protection for the browser? I recommend script blocking. On Firefox, the real thing is NoScript.

Of course I use NoScript already a long time. (So I think with my present solution SBIE + NoScript + Norton you regard me as overprotected concerning my browser. )

About question 3. As Sandboxie users, I think running our browsers out of the sandbox ought to be rare. For Firefox, perhaps only when is time to update versions or update addons.

Yes, mainly in this case. But there may be some other situations too (although not too many, right): E.g. certain websites where you have to log in regularly (let's say one time in a month). O.k. this is something you can do in the sandbox of course and it will be "registered" correctly at the website. But often it is combined with the option: "Would you like to stay logged in on this computer?". And this possibility is gone if your login was in the sandbox and not outside of it. (But o.k., you can qualify it also as a quite harmless activity when logging in one time in a month outside of the sandbox on a website you know ...)
Ah, one more typical situation: Often websites that open from a software (respectively from a helpfile in a software etc.) do this directly in the non-sandboxed browser (e.g. certain links within Norton, but also various other programs). I think one can change this behaviour but I believe this is rather complicated.

Only a short reply to these remarks (in order not to become too much off topic):

When I look at the picture that you posted earlier of your Run sandboxed box that shows the sandboxes that you are using and I only see two and only for browsers, I know you are not getting everything that you could be getting out SBIE. In my opinion, instead of looking at what you ll get with this or that AV, you should be looking at all that you could be doing with SBIE, like sandboxing your Office files, EMail client and attachments, videos, pictures, PDF files, USB drives, Downloads folder, etc, and any file that gets created in your computer.

In these cases I do not need SBIE for the following reasons: no Office files from other sources (only my own ones); no material from USB drives; no E-mail client (only web-based mails); material downloaded from Internet (it happens rarely) comes hopefully only from reliable sources and is checked by the AV program and often also via VirusTotal by a lot of others. In these cases my philosophy is: If I cannot be (more or less) sure that these files are safe I do not want them at all on my system.

[bo.elam]

.... (So I think with my present solution SBIE + NoScript + Norton you regard me as overprotected concerning my browser. )

Way way overprotected. But in my opinion, if you use an AV that gets along with SBIE, thats a plus. If you use one that interferes and conflicts and you have to open holes in Sandboxie to make it work, that brings SBIE down and weakens it. In my opinion, thats bad.

Ah, one more typical situation: Often websites that open from a software (respectively from a helpfile in a software etc.) do this directly in the non-sandboxed browser (e.g. certain links within Norton, but also various other programs). I think one can change this behaviour but I believe this is rather complicated.

Forcing your browsers to run sandboxed automatically is not complicated. You have a license, you can do it. All you have to do to make your browsers Forced programs is add them to the list of forced programs in Sandbox settings in your browser sandbox.

Bo